Add missing test

Signed-off-by: Federico Busetti <[email protected]>

Author: febus982

tests/http_app/routes/test_auth.py

@@ -0,0 +1,91 @@
+from unittest.mock import MagicMock, patch
+
+import pytest
+from jwt import PyJWKClient, PyJWK
+from jwt.exceptions import PyJWKClientError, DecodeError
+from fastapi.security import SecurityScopes, HTTPAuthorizationCredentials
+
+from common import AppConfig
+from common.config import AuthConfig
+from http_app.routes.auth import (
+    MissingAuthorizationServerException,
+    _jwks_client,
+    UnauthenticatedException,
+    decode_jwt,
+    UnauthorizedException,
+)
+
+
+def test_jwks_client_raises_without_jwks_url():
+    with pytest.raises(MissingAuthorizationServerException):
+        _jwks_client(config=AppConfig(AUTH=AuthConfig(JWKS_URL=None)))
+
+
+def test_jwks_client_returns_a_client_with_jwks_url():
+    result = _jwks_client(config=AppConfig(AUTH=AuthConfig(JWKS_URL="http://test.com")))
+    assert isinstance(result, PyJWKClient)
+
+
+async def test_decode_jwt_raises_without_token():
+    with pytest.raises(UnauthenticatedException):
+        await decode_jwt(
+            security_scopes=SecurityScopes(),
+            config=AppConfig(),
+            jwks_client=MagicMock(),
+            token=None,
+        )
+
+
+@pytest.mark.parametrize("exception", (PyJWKClientError, DecodeError))
+async def test_decode_jwt_raises_if_jwks_client_fails(exception):
+    mock_jwks_client = MagicMock(spec=PyJWKClient)
+    mock_jwks_client.get_signing_key_from_jwt = MagicMock(side_effect=exception)
+    with pytest.raises(UnauthorizedException):
+        await decode_jwt(
+            security_scopes=SecurityScopes(),
+            config=AppConfig(),
+            jwks_client=mock_jwks_client,
+            token=HTTPAuthorizationCredentials(
+                scheme="bearer", credentials="some_token"
+            ),
+        )
+
+
+async def test_decode_jwt_raises_if_decode_fails():
+    returned_key = MagicMock(spec=PyJWK)
+    returned_key.key = "some_key"
+    mock_jwks_client = MagicMock(spec=PyJWKClient)
+    mock_jwks_client.get_signing_key_from_jwt = MagicMock(return_value=returned_key)
+
+    with pytest.raises(UnauthorizedException):
+        await decode_jwt(
+            security_scopes=SecurityScopes(),
+            config=AppConfig(),
+            jwks_client=mock_jwks_client,
+            token=HTTPAuthorizationCredentials(
+                # The token cannot be decrypted and will trigger the exception
+                scheme="bearer",
+                credentials="some_token",
+            ),
+        )
+
+
+async def test_decode_jwt_returns_the_decoded_jwt_payload():
+    returned_key = MagicMock(spec=PyJWK)
+    returned_key.key = "some_key"
+    mock_jwks_client = MagicMock(spec=PyJWKClient)
+    mock_jwks_client.get_signing_key_from_jwt = MagicMock(return_value=returned_key)
+
+    with patch("jwt.decode", return_value={"decoded": "token"}):
+        result = await decode_jwt(
+            security_scopes=SecurityScopes(),
+            config=AppConfig(),
+            jwks_client=mock_jwks_client,
+            token=HTTPAuthorizationCredentials(
+                # The token cannot be decrypted and will trigger the exception
+                scheme="bearer",
+                credentials="some_token",
+            ),
+        )
+
+    assert result == {"decoded": "token"}

tests/http_app/routes/test_hello.py

@@ -1,8 +1,34 @@
-from fastapi import status
+from fastapi import Depends, FastAPI, status
+from fastapi.security import HTTPBearer
 from fastapi.testclient import TestClient
 
+from http_app.routes.auth import decode_jwt
 
-async def test_hello_no_authentication_server(testapp):
+
+async def _fake_decode_jwt(
+    security_scopes=None,
+    config=None,
+    jwks_client=None,
+    token=Depends(HTTPBearer()),
+):
+    return {"token": token.credentials}
+
+
+async def test_hello_renders_what_returned_by_decoder(
+    testapp: FastAPI,
+):
+    testapp.dependency_overrides[decode_jwt] = _fake_decode_jwt
+    ac = TestClient(app=testapp, base_url="http://test")
+    response = ac.get(
+        "/hello/",
+        headers={"Authorization": "Bearer some_token"},
+    )
+    assert response.status_code == status.HTTP_200_OK
+    assert '"token": "some_token"' in response.text
+
+
+async def test_hello_returns_403_without_token(testapp: FastAPI):
+    testapp.dependency_overrides[decode_jwt] = _fake_decode_jwt
     ac = TestClient(app=testapp, base_url="http://test")
     response = ac.get("/hello/")
-    assert response.status_code == status.HTTP_500_INTERNAL_SERVER_ERROR
+    assert response.status_code == status.HTTP_403_FORBIDDEN

tests/http_app/test_dependencies.py

@@ -0,0 +1,9 @@
+from common import AppConfig
+from http_app import context
+from http_app.dependencies import app_config
+
+
+def test_app_config_return_context_variable():
+    config = AppConfig(APP_NAME="SomeOtherAppName")
+    context.app_config.set(config)
+    assert app_config() is config